On September 20, 2024, the Lassen Clinics learned there was an active cyber event on its IT network involving an unknown individual. The Lassen Clinics’ IT network was temporarily disabled and rendered inaccessible before the Lassen Clinics were able to restore it the next day. Upon learning of the security incident, the Lassen Clinics immediately took steps to secure its network and began an investigation with the assistance of an external forensics vendor.
The investigation determined that an unauthorized third party gained access to the Lassen Clinics network between September 17, 2024, to September 20, 2024. On December 3, 2024, the Lassen Clinics learned that the unauthorized third party obtained copies of some of the data from its systems containing confidential patient medical information, however, the unauthorized third party did not acquire any data directly from the Lassen Clinics’ Electronic Medical Record (EMR).
Some information in the Lassen Clinics' records may have been accessed or acquired by an unauthorized third party. The information in the files may have included name, address, date of birth, driver's license number, financial account information, as well as medical and health insurance information. A small number of individuals may also have had a Social Security Number involved.
Upon learning of the event, the Lassen Clinics took quick action to protect its systems, contain the incident, open an investigation, and maintain continuity of healthcare. Once secured, systems were returned to the network with additional security and monitoring tools.
The Fatal Flaws in Active Shooter Response in Healthcare Facilities
Utah Hospital Outage Highlights Backup Power and Resiliency Challenges
Ground Broken on New North Dakota State Hospital
Form Your Pit Crew: Key Takeaways From the 2025 Healthcare Innovations Conference
Glens Falls Hospital Caught Up in Oracle Health Data Breach